php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73213 Integer overflow in imageline() with antialiasing
Submitted: 2016-09-30 20:52 UTC Modified: 2016-09-30 20:52 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.6.26 OS: 32bit,LLP64
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2016-09-30 20:52 UTC] cmb@php.net
Description:
------------
Drawing very large antialised lines causes integer overflows in
gdImageAALine(), what can lead to strange results and even
crashes.

This issue had been reported upstream as
<https://github.com/libgd/libgd/issues/5> and fixed, but the fix
didn't yet make it to PHP's bundled libgd.


Test script:
---------------
<?php

$im = imagecreatetruecolor(32768, 1);
$black = imagecolorallocate($im, 0, 0, 0);
imageantialias($im, true);

imageline($im, 0,0, 32767,0, $black);

imagepng($im, __DIR__ . DIRECTORY_SEPARATOR . 'aa-bug.png');


Expected result:
----------------
A PNG image with a line.

Actual result:
--------------
PHP crashes.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-30 20:52 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2016-09-30 22:08 UTC] cmb@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9acfb1a3a5268febb123b7e5fbd4eaf072c83537
Log: Fix #73213: Integer overflow in imageline() with antialiasing
 [2016-09-30 22:08 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9acfb1a3a5268febb123b7e5fbd4eaf072c83537
Log: Fix #73213: Integer overflow in imageline() with antialiasing
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC